62e05e2f5b
- add mark-stable workflow that runs on workflow_run for all test pipelines - use GitHub API to ensure all required workflows succeeded before moving the 'stable' tag - add Nix flake.lock to pin nixpkgs for reproducible builds https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236